I'm getting a redirect loop on a Drupal 7 install. Whenever a non-admin user logs in, the site will enter a redirect loop on the user profile URL; for example, http://example.com/?q=user/testuser.
This URL is accessible with no issues by the superuser account, and attempting to access this URL while logged out returns a 403 Access Denied as expected.
When logged in as a non-admin user, attempting to access any URL at all will redirect to the user profile page, which will then redirect onto itself, causing the redirect loop to start anew.
I have found that if I give a specific user the "administrator" role, the redirect loop will cease for that user, and the page will no longer try to redirect to user/%username on login.
I have also found that if I give users the "administer users" permission that the redirect loop will cease, but will still redirect the user to user/%username on login.
Obviously neither of these solutions are possible as giving regular users administrator roles or the ability to administer users is a huge security risk.
Does anyone know of a fix for this, or a way to get around this with an override related to user role?
Installed modules: Block, Color, Comment, Contextual links, Dashboard, Database logging, Field, Field SQL storage, Field UI, File, Filter, Help, Image, List, Menu, Node, Number, Options, Overlay, Path, RDF, Search, Shortcut, System, Taxonomy, Text, Toolbar, Update manager, User, Chaos tools (7.x-1.0-alpha4), Page manager, Devel, Theme Developer, Fieldgroup, IMCE, Pathauto, Token, Taxonomy Menu, IMCE Wysiwyg API bridge, Wysiwyg, Webform, and several custom modules which i) provide blocks 2) provide custom pages and 3) modify the default search behaviour (splits search results by node type). None of my custom modules ever interface with the user management system, permissions system or use any of the functions provided by the user module.
I had an identical problem... spurred on by the fact I wasn't the only one faced with this issue I dug around a bit more. It was your update that gave it away - the Custom Theme.
I'm sure this could be caused by lots of different factors, but in my case and potentially yours, it was my template.php that was at fault.
I was using a custom MYTHEME_preprocess_page() to make some custom variables available in my templates. One of the variables was obviously a bit funky because when i removed it the problem disappeared. Turns out it was some left over code from when I was trying to get the user registration form into the page. It never worked and I forgot to remove it!
Hope this helps someone out there get back on track.
I haven't solution, but you can investigate in next way:
1. Goto http://SITE/admin/config/development/devel for devel module settings.
2. Check "Display redirection page" and save settings.
3. Goto http://SITE/admin/people/permissions
4. Check "Access developer information" for anon and other roles, and save.
5. Try login, it should stop on redirection pages and show where it try to redirect, so you can detect, what modules call looping.
I also had a problem with redirect-loops randomly occurring for non-admin users. Looking at /admin/reports/dblog revealed a permission problem with several nodes. I fixed it by flushing the node permissions (see /admin/reports/status/rebuild). Now everything is fine again.
Same problem for me, after hours and hours of debug and forum/blog navigation I finally found what was going on my site...
If you force login block in all pages, even if user is already logged in, only admin can navigate pages.
This is one of the possibles causes, I hope can help someone!
I had the same problem because i was loading the login form even when the user was logged in. fix it by not asking for the form only if the user is anonymous.
from https://www.drupal.org/node/1793230
Run these SQL queries in your MySQL database. If you have drush installed, you can just "drush sqlc" from your settings directory to get into a MySQL command line. Otherwise you can use PHPMyAdmin, MySQL workbench, or some other client tool to connect and run these:
Show records to be deleted:
SELECT r.rid, r.language, r.source, r.redirect FROM redirect r INNER JOIN url_alias u ON r.source = u.alias AND r.redirect = u.source AND r.language = u.language;
Then, to delete redirects shown in above query - try going to the pages shown in the row. Chances are you will get a redirect loop. Then, try again after backing up db and running the delete below. You have to turn off safe mode in MYSQL Workbench to run it, so BACKUP:
DELETE r FROM redirect r INNER JOIN url_alias u ON r.source = u.alias AND r.redirect = u.source AND r.language = u.language;
Fixed my problem, and found other pages that had loops which I didn't even realize!
Related
I am having some issues with my Drupal 7.
Because of a different bug I am having with component or panel, one that is taking over pages and hiding other parts of a page somehow, my login page has been corrupted.
what is supposed to be my /user and/or user/login page looks completely as it should not look. The username and password prompt and input fields are missing because of a component which needs to be removed. This component has somehow managed to cover or hide the thing I need.
The bug that has caused this problem is beyond the scope of this post but I believe that it is probably a requirement to log into the admin panel in order to fix the issue.
How do I log in if I can not get the login prompt page to come up as it should?
drush
You can request a one time login link for any user account using the drush command user-login :
drush user-login <uid|username|email>
It's aliased uli and default to 1 (admin), the following has probably saved millions of drupal devs ;) :
drush uli
Services module
You can also login "RESTFully" via cURL or equivalent by submitting a POST request to the appropriated endpoint without loading the form. You just need the services module.
Login remotely to Drupal 7 site using services
Authenticated Request with cURL
I'm an Admin for this page
http://developers.facebook.com/tools/debug/og/object?q=http%3A%2F%2Fwww.westberks.gov.uk%2Findex.aspx%3Farticleid%3D23789
and I've also specified that my App can administer it too. I've Liked this page so I thought I should be able to access the admin screen for the page but I can't seem to. Any ideas on how I access the admin screen for this page in FB, so I can manually publish updates?
Additionally, when I try to update page programmatically I get the message
(OAuthException) (#200) The user hasn't authorized the application to perform this action
but the page has my App listed here
http://graph.facebook.com/10150303466842688
This was definitely a bug rather than a programming or setup issue. The bug has been marked fixed by Facebook as of 1/18/2012 and everything now works as it is supposed to! Bug report:
http://developers.facebook.com/bugs/308356579205492?browse=search_4f0f1475c470b2076799347
Until this recent fix, there was a problem where OpenGraph pages did NOT allow the admins of those pages to retrieve page access tokens for them. Which means they were locked out of posting "as the page" and apparently also locked out of the Admin area for their own pages as well.
I know that this is fixed for me now with this bugfix, and hopefully it will also be fixed for everyone else.
You will need to ask for manage_pages, read_stream and publish_stream. Once your admin accepts those permissions, the app can call me/accounts on the Graph (play here https://developers.facebook.com/tools/explorer). In there will be a list of all the pages they admin. In each listing will be a unique access token. This is called the page access token. Using that token you should be able to read and write to the me/feed for that page.
i am able to login to drupal as admin but when ever i try to save any content or settings i get the error
The username admin does not exist
This is probably due to a user related module altering the $user object. Your first and best bet is to make sure you are fully up to date with all your modules. If that doesn't solve it, you should disable modules one at a time until this error goes away. Any modules related to profiles or users should be suspect - content profile, etc.
My Drupal / ubercart install has a bizarre issue. Anonymous users can access an edit page /node/44/edit for s SINGLE node only - an ubercart product. I have created a new version of the node, which does not have the issue. The tabs (view / edit) are also available on the product page to anonymous users. The issue became clear when the page was edited by a spam bot.
Is there any way I can output the decision making process which Drupal makes to the screen? For example can I output the variables to the screen which Drupal uses to make the decision about whether the user has access to a given URL or not?
Thanks in advance.
There may be a better way, but to start, you could create a custom module that implements hook_menu_alter, then dump the contents of the $items array, to see the access callback associated with /node/44/edit or /node/%/edit.
One thing to try would be to "rebuild node permissions" You do this from the admin/content/node-settings page. It might be as simple as the permissions being jacked up, which is rare but does happen sometimes.
hi friends Is there way to check wordpress logs? Like what actions admin has performed etc?
Actually I am working on a project and someone has deleted my pages templates to trash and my site was down. I want to check who did this in my wordpress admin panel?
I don't think Wordpress has an event log, at least I've never heard of one or seen one. There is a login logger plugin, but it has to be installed and doesn't work retroactively.
In theory, it should be possible to get at least the IP address of the perpetrator from the normal Apache access logs, and searching it for all recent accesses to the /wp-admin folder. That is pretty cumbersome work, though.
You can use a plugin for this: try Stream or its competitors.
You may try this Activity Log Plugin.
If you have tens of users or more, you really can’t know who did what.
This plugin tries to solve this issue by tracking what users do, and
displaying it in an easy to use and easy to filter view on the
dashboard of your WordPress site.
You can try User Activity Log - WordPress Plugin.
It helps you monitor and keep track of all the activities occurs on the admin side. It will give information about log of all user activity and admin get notified when a particular user is logged in.
The following is not about action logs, but error logs, but it is also helpful. If that happened and you have WooCommerce installed, you will have access to logs:
Admin panel->WooCommerce->Status-> a tab: [Logs]